fix: env -u PKG_EXECPATH in sudo wrapper + pre-install components at build
PKG_EXECPATH inherited from parent caused pkg bootstrap to treat argv[1] as a module path. Fix: env -u unsets only PKG_EXECPATH so bootstrap starts fresh while all auth/session vars are preserved. Depth guard prevents loops. Also pre-run component installation during Docker build so the sudo code path is never hit at runtime. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,54 +1,20 @@
|
||||
#!/bin/bash
|
||||
# sudo-wrapper.sh
|
||||
#
|
||||
# purevpn-cli calls: sudo purevpn-cli --connect <loc> --install-missing-components
|
||||
#
|
||||
# Problem: PKG_EXECPATH inherited from the parent makes the pkg bootstrap treat
|
||||
# argv[1] as a module path → "Cannot find module '/--connect'" (or '/--install...')
|
||||
# regardless of arg order.
|
||||
#
|
||||
# Solution:
|
||||
# 1. Strip --install-missing-components (not a commander.js flag; causes errors)
|
||||
# 2. Unset PKG_EXECPATH only (-u) so the child's bootstrap starts fresh and
|
||||
# loads the embedded main module. All other env vars (auth, session) are kept.
|
||||
# 3. Depth guard prevents infinite recursion if the child also tries to sudo.
|
||||
# Strip PKG_EXECPATH so the child's pkg bootstrap starts fresh.
|
||||
# When PKG_EXECPATH is inherited, bootstrap treats argv[1] as a module path
|
||||
# causing "Cannot find module '/--connect'" or '/--install-missing-components'.
|
||||
# env -u unsets only PKG_EXECPATH; all auth/config/session vars are kept.
|
||||
# Depth guard prevents infinite recursion.
|
||||
|
||||
DEPTH="${PUREVPN_SUDO_DEPTH:-0}"
|
||||
if [[ "$DEPTH" -ge 2 ]]; then
|
||||
echo "[sudo-wrapper] recursion depth $DEPTH — exiting 0" >&2
|
||||
echo "[sudo-wrapper] depth $DEPTH — exiting 0" >&2
|
||||
exit 0
|
||||
fi
|
||||
NEXT_DEPTH=$(( DEPTH + 1 ))
|
||||
|
||||
binary=""
|
||||
has_install_flag=false
|
||||
other_args=()
|
||||
|
||||
args=()
|
||||
for a in "$@"; do
|
||||
case "$a" in
|
||||
-E|-n|-H|--preserve-env|--non-interactive) continue ;; # sudo flags, skip
|
||||
--install-missing-components) has_install_flag=true ;; # strip, don't pass
|
||||
*)
|
||||
if [[ -z "$binary" ]]; then
|
||||
binary="$a"
|
||||
else
|
||||
other_args+=("$a")
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
case "$a" in -E|-n|-H) ;; *) args+=("$a") ;; esac
|
||||
done
|
||||
|
||||
if [[ -z "$binary" ]]; then
|
||||
echo "[sudo-wrapper] no binary supplied" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "$has_install_flag" == "true" ]]; then
|
||||
echo "[sudo-wrapper] stripped --install-missing-components, unset PKG_EXECPATH (depth=$NEXT_DEPTH): $binary ${other_args[*]}" >&2
|
||||
exec env -u PKG_EXECPATH PUREVPN_SUDO_DEPTH="$NEXT_DEPTH" \
|
||||
"$binary" "${other_args[@]}"
|
||||
else
|
||||
echo "[sudo-wrapper] passthrough (depth=$NEXT_DEPTH): $binary ${other_args[*]}" >&2
|
||||
exec env PUREVPN_SUDO_DEPTH="$NEXT_DEPTH" \
|
||||
"$binary" "${other_args[@]}"
|
||||
fi
|
||||
echo "[sudo-wrapper] depth=$(( DEPTH+1 )): ${args[*]}" >&2
|
||||
exec env -u PKG_EXECPATH PUREVPN_SUDO_DEPTH=$(( DEPTH+1 )) "${args[@]}"
|
||||
|
||||
Reference in New Issue
Block a user